Re: TOS copying considered harmful
>> I don't understand the last sentence. Why are sequence numbers the
>> issue? They are defined per SA (= unique to src, and normally
>> identify a single dst), and should not matter even if we add a tunnel
>> encapsulation. Could you tell us more?
>
>The anti-replay mechanism is based on these sequence numbers. Replayed packets, but
>also packets arriving on the left of the sliding window used to implement this
>mechanism, are thrown away. If the TOS is copied from inner to outer header and you
>have different classes of service inside a single tunnel (a single SA), then you are
>subject to packet reordering if some nodes on the tunnel path do QoS based on the TOS
>(or DSCP). At a certain level of reordering, low-prio packets will arrive too late at
>dst, i.e. on the left of the window, and be deleted. This is not expected. Once again,
>this is discussed in the draft I mentioned above.
I see. RFC2402 mandates a 32-bit bitmap, and recommends a 64-bit bitmap.
- is 64 bits not enough for normal nodes?
- if a larger window size helps, how big do you suggest?
- if not, what other mechanism do you suggest?
itojun
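The sliding window the quoted reply describes, as an added example that is not code from this thread, from KAME, or from the RFC: the receiver-side check of RFC 2401 Appendix C (a bitmap of width W anchored at the highest accepted sequence number; anything more than W behind it is discarded as too old), plus a constructed reordering model in which every N-th packet on one SA is low priority and gets overtaken by `delay` later packets. The window width, the packet counts and the reordering model are assumptions chosen for illustration; the verdict names are mine.

```c
/*
 * Added example (not KAME or RFC code): the anti-replay sliding window of
 * RFC 2401 Appendix C, plus a constructed model of QoS reordering inside
 * one SA, to show when a delayed but legitimate packet lands "left of the
 * window" and is discarded as if it were a replay.
 */
#include <stdint.h>
#include <stdio.h>

enum verdict { ACCEPT, DROP_ZERO, DROP_REPLAY, DROP_TOO_OLD };

struct replay_win {
    uint32_t last;    /* highest sequence number accepted so far */
    uint64_t bitmap;  /* bit i set <=> sequence number (last - i) already seen */
    unsigned width;   /* window width W; RFC 2402 mandates 32, recommends 64 */
};

static void win_init(struct replay_win *w, unsigned width)
{
    w->last = 0;
    w->bitmap = 0;
    w->width = width > 64 ? 64 : width;   /* one 64-bit word is the cap here */
}

/* Check seq against the window and, if accepted, update it (receiver side). */
static enum verdict win_check_update(struct replay_win *w, uint32_t seq)
{
    uint32_t diff;

    if (seq == 0)                        /* 0 is never a valid sequence number */
        return DROP_ZERO;
    if (seq > w->last) {                 /* right of the window: slide it */
        diff = seq - w->last;
        if (diff < w->width)
            w->bitmap = (w->bitmap << diff) | 1;
        else
            w->bitmap = 1;               /* jumped past the whole window */
        w->last = seq;
        return ACCEPT;
    }
    diff = w->last - seq;
    if (diff >= w->width)                /* left of the window: too old */
        return DROP_TOO_OLD;
    if (w->bitmap & ((uint64_t)1 << diff))
        return DROP_REPLAY;              /* inside the window, seen before */
    w->bitmap |= (uint64_t)1 << diff;    /* inside the window, first time */
    return ACCEPT;
}

/* Verdict for the last of n arrivals fed in order to a fresh window. */
static enum verdict verdict_at(unsigned width, const uint32_t *arrivals, unsigned n)
{
    struct replay_win w;
    enum verdict v = DROP_ZERO;
    unsigned i;

    win_init(&w, width);
    for (i = 0; i < n; i++)
        v = win_check_update(&w, arrivals[i]);
    return v;
}

/*
 * Constructed reordering model: packets 1..n enter the tunnel in order on one
 * SA; every `every`-th packet is low priority and is overtaken by `delay`
 * later packets on the path. Returns how many legitimate packets the receiver
 * discards as DROP_TOO_OLD. n is capped at 512.
 */
static unsigned too_old_drops(unsigned width, unsigned delay, unsigned n, unsigned every)
{
    uint32_t seq[512];
    unsigned key[512], i, drops = 0;
    struct replay_win w;

    if (n > 512) n = 512;
    if (every == 0) every = 1;
    for (i = 0; i < n; i++) {
        seq[i] = i + 1;
        /* arrival key: a low-priority packet lands just after `delay` successors */
        key[i] = 2 * i + ((i + 1) % every == 0 ? 2 * delay + 1 : 0);
    }
    for (i = 1; i < n; i++) {            /* stable insertion sort by arrival key */
        uint32_t s = seq[i];
        unsigned k = key[i];
        int j = (int)i - 1;
        while (j >= 0 && key[j] > k) {
            seq[j + 1] = seq[j];
            key[j + 1] = key[j];
            j--;
        }
        seq[j + 1] = s;
        key[j + 1] = k;
    }
    win_init(&w, width);
    for (i = 0; i < n; i++)
        if (win_check_update(&w, seq[i]) == DROP_TOO_OLD)
            drops++;
    return drops;
}

int main(void)
{
    unsigned widths[2] = { 32, 64 }, d, k;

    for (k = 0; k < 2; k++)
        for (d = 16; d <= 80; d += 16)
            printf("W=%u delay=%u too-old drops=%u\n", widths[k], d,
                   too_old_drops(widths[k], d, 400, 50));
    return 0;
}
```

The model makes the reply's point concrete: a low-priority packet overtaken by fewer than W packets is still accepted (its bit in the window is clear, so it is not a replay), but one overtaken by W or more is indistinguishable from a stale packet and is dropped before the authenticator is even checked. Widening W from 32 to 64 only moves the threshold; it does not remove it, which is the tradeoff behind itojun's questions above.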